Share via

Implementing the DNS Admins Role

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Use the following procedure to implement the DNS admins role.

  1. Create a Universal Group called <Forest-Name> DNS Admins in the Service Management OU (ou=Service Management, dc=<Forest Root Domain>).

    Note

    If Universal groups are not available, create a Global security group.

  2. Grant the <Forest-Name> DNS Admins the following permissions:

    • Full control on CN=MicrosoftDNS, DC=ForestDnsZones, DC=<forest root domain>

  3. Create one Global Group called <Domain-Name> DNS Admins in the Service Management OU for each domain (ou=Service Management, dc=<Forest Root Domain>).

  4. In each domain and on ever NDNC used by DNS <domain>, grant the respective <Domain-Name> DNS Admins group the following permissions:

    • Full control on CN=MicrosoftDNS, CN=System, DC=<domain>

    • Full control on CN=MicrosoftDNS, DC=DomainDnsZones, DC=<domain>

  5. Make the <Forest-Name> DNS Admins a member of the <Domain-Name> DNS Admins group from each domain.